secure a driver's license, there is no governmental seizure to be prohibited or controlled by the warrant or probable cause requirements. Any privacy protection must therefore be statutory. Twenty-five years ago, a Democratic Congress enacted, and a Republican President signed into law, the Privacy Act of 1974. Congress feared that if the "use of the SSN as an identifier continues to expand, the incentives to link records and broaden access are likely to increase." The Senate Committee report described the growing use of the SSN as "one of the most serious manifestations of privacy concerns in the nation," including the risk that "the number may become a means of violating civil liberties by easing the way for indexing or locating the person." Senator Barry Goldwater (R-AZ) spoke on the Senate floor in vehement opposition to the increasing use of the SSN, calling on his colleagues "to stop this drift toward reducing each person to a number." For the most part, the Privacy Act only applies to threats to privacy by federal agencies and does not stop state agencies and commercial interests from threatening personal privacy. In a sense, Section 656(b) makes an end run around the Privacy Act by parking the personal information that would be disclosed at the state, instead of at the federal level. In fact, Section 656(b) would apparently represent the first time that the federal government had ever mandated that the SSN of virtually every adult in the nation be tied to a physical description or photograph of the person in records unprotected by the Privacy Act. Twenty years after the it passed the Privacy Act, Congress became troubled that state DMVs were selling to commercial interests personal information about drivers for as little as $20 per inquiry. In one case, a stalker used information in state DMV records to find his victim. In 1994, Congress enacted the Driver's Privacy Protection Act to establish rules to protect the privacy of the wealth of information drivers license applicants submit to their states in order to obtain a license to drive. 18 U.S.C. Sections 2721-5. The Driver's Privacy Protection Act cannot be relied upon to protect the privacy of drivers' personal information, such as their SSNs. Though it would bar DMVs from disclosing certain personal information (SSN, photo, address, name, phone number, medical information, but not physical description) about the driver, and threatens violators with civil and criminal fines and creates a civil cause of action for anyone whose privacy is violated, the statute lists 14 exceptions to its protective provisions. It gives law enforcement at all levels of government, and insurance companies and private investigators blanket exceptions, allows states to provide personal information to mass marketers and solicitors unless the driver affirmatively requests that it do not, and it allows any legitimate business to obtain a driver's personal information to verify the accuracy of information the business claims the individual submitted to it. More importantly, the statute has been successfully challenged on 10th Amendment grounds in at least three jurisdictions. Two weeks ago, a three-judge panel of the Fourth Circuit struck the Driver's Privacy Protection Act as an invalid exercise of Congress's power under the Commerce Clause in violation of the Tenth Amendment. Condon v. Reno, 97-2554, U.S. App. LEXIS 21557 (4th Cir. September 3, 1998). The federal government argued that drivers possess a right to privacy in the information maintained in state motor vehicle records that Congress can secure under the 14th Amendment. The court rejected federal government's privacy argument because: (i) the Supreme Court has never found a constitutional right to privacy with respect to the type of information found in motor vehicle records, which traditionally have been open to the public; (ii) the type of information in motor vehicle records is available from other public records such as property tax records; and (iii) the information in the records is commonly put on the driver's license and provided to strangers when a person cashes a check, boards and airplane, or purchases alcohol. Federal courts reached similar conclusions in Wisconsin (Travis v. Reno, No. 97-C-701-C, U.S. Dist. LEXIS 8570 (W.D. Wisc. June 9, 1998) (appeal pending)) and in Oklahoma (State of Oklahoma v. U.S., 994 F. Supp. 1358 (W.D. Okla. 1997)), and reached the opposite conclusion in Alabama (Pryor v. Reno, 998 F. Supp. 1317 (M.D. Ala. 1998). In many states, the state "open government" laws permit disclosure of personal information in the state driver's data base to a great degree. ACLU is a strong proponent of openness in government and favors many such laws because openness sheds light on secret governmental activity that could violate civil liberties. Suppression of information of public interest infringes on First Amendment rights by narrowing the range of information that enters the marketplace of ideas. The Driver's Privacy Protection Act cannot be relied upon to protect the privacy of drivers' SSNs in state DMV data bases. But it does illustrate that the best way to protect the privacy of such information is to prohibit (or to remove incentives to) collection of the SSN in the first place, rather than to control and punish disclosure after the SSN has already been put in a system of records maintained by a state. Section 7 of the Privacy Act originally prohibited states that did not already do so in 1974 from denying drivers licenses to applicants who refused to provide their SSN. This protection was reversed in 1976. 42 U.S.C. Section 405(c)(2)(C)(i). Section 656(b) does much more than permit states to demand the SSN of their drivers for their DMV records; it coerces states to put the SSN on the license itself. Potential for Misuse. Using the SSN as an identifier on federalized drivers licenses, as is contemplated in Section 656(b), would subject people to privacy intrusions, such as government surveillance and increased data collection and sharing. There are clear examples of how government-collected information has been used for a purpose other than that for which it was initially intended. Call these "cases of authorized misuse" to distinguish these abuses from criminal activity, such as fraudulent activity from ID theft. For instance, the confidentiality of Census Bureau information was violated during World War II to help the War Department locate Japanese-Americans so they could be forcibly moved to internment camps. During the Vietnam War, the FBI secretly operated the "Stop Index" by using its computerized National Crime Information Center (NCIC) to track and monitor the activities of people opposed to the United States' involvement in the war. The government's thirst for personal data tied to the SSN cannot be quenched. "Trust us with your personal information. We're the government," is not a theme that resonates well with the American people. Moreover, the government has facilitated private sector abuse of data tied to the SSN. It was discovered nine years ago that the Social Security Administration used to disclose SSNs to the private sector until public outcry halted the activity. Following the public disclosures, the SSA Commissioner announced in April, 1989 that the SSA had decided not to process magnetic tapes containing 140 million names and SSNs submitted by TRW Credit Data, a credit reporting company that has been succeeded by Experian Information Systems. The Senate conducted hearings and learned that the SSA had conducted three million SSN verifications for Citibank and other firms in past years. The private sector's use of the SSN to access information about individuals has evolved to a point never envisioned by its creators. For example, in a 1990 advertising brochure, Experian (then TRW), which held itself out as the nation's largest provider of consumer credit information and claims to maintain information on nearly 170 million consumers nationwide, advertised a service called Social Search: In pursuit of those who have disappeared - former customers, college alumni or This history shows the enormity of the temptation to expand the uses of data linked by a common identifier like the SSN, far beyond the purpose for which the data was originally given up. But having succumbed to this temptation in the past is no reason to facilitate such invasions in the future by effectively requiring that states put drivers' SSNs on their licenses. ID Fraud. Ironically, the more the SSN is used as a personal identifier, the less useful it becomes as an identifier. This is because unscrupulous criminals can steal a person's identity by appropriating their SSN. "ID Fraud" -- the process of obtaining another person's personal identifying information such as the SSN, date of birth and mothers' maiden name, then using that information to fraudulently establish credit, run up debt, or take over existing financial accounts is a growing problem. According to a recent GAO report, there has been a significant increase in identity theft in recent years. GAO, Identity Fraud, GAO/GGD-98-100BR (May 1998). It is estimated that 40,000 victims of identity theft must struggle each year to clear their names and fix their credit histories. Consequently, more and more people are trying to protect the privacy of their SSN. By coercing states to place drivers' SSNs on driver's licenses, Section 656(b) promotes ID theft. Many times when a person cashes a check at the grocery store, boards an airplane, or buys a beer, they show their license to a stranger who could sell the personal information on it to an ID thief. Insecure Data. Little needs to be said about how insecure even the most protected systems of data have become. Computer hackers have achieved access even to sensitive defense files. In 1997, the Social Security Administration itself was forced to shut down a service it offered on its web site after reports that it may have provided unauthorized access to information about individuals' personal income and retirement benefits on the Internet. In fact, the SSN is used as a key to unlock all manner of personal information about consumers. An internet-based industry has sprung up to harvest and sell personal information accessed through the SSN: auto ownership, creditors, criminal records, driving records, bank accounts and work histories are all alleged to be accessible. Since Section 656(b) would make drivers' SSNs more accessible to state workers harvest the number, and to every person who sees the number on a state-issued identification document, it will make this problem of protecting personal privacy much more difficult. CONCLUSION The SSN was never intended to be relied upon as an identifier. Historically, SSNs have been easy to obtain because there was no need for a secure card for purposes of administering the Social Security program. The number was used only to track payments into the Social Security Account. Many duplicate and inaccurate social security numbers are in use. A national ID system based on the SSN, and the nationalized ID cards that Section 656(b) would require, pose a direct threat to personal privacy and to the security of personal information. To forestall such a threat, we urge members of Congress to support H.R. 4197, the Citizen's Privacy Protection Act of 1998. It would repeal Section 656(b) of the Illegal Immigration Reform and Immigrant Responsibility Act of 1996. We believe that the Big Brother proposal which is represented by Section 656(b) should be stopped now so that further damage to the cause of privacy, and liberty, is contained. I will be happy to entertain any questions you might have. 7 Concerning the definition of a rule, we recognize that determining the precise scope of the definition as it applies to the widely varying rulemaking practices of the agencies involves questions of legal interpretation. For these reasons, we would welcome the participation of the agencies and the Department of Justice in developing a guidance that identifies the precise contours of the definition in a manner that will best facilitate full compliance with the law. As OIRA's authorizing and oversight committee, we expect to participate in this process at each step in the development of the guidance. We would prefer to begin this process of consultation by the second week of October and would like to receive a proposed draft of the guidance by the end of November. We believe that the end of March 1999 would be a reasonable target date for issuing a final guidance, allowing the agencies a fair opportunity to submit comments. I would appreciate it very much if you could send me a written confirmation of the understandings set forth in this letter by the close of business on Friday. If you have questions, please call me at 225-4407. |